wolfssl-wolfcrypt 2.0.0

Rust wrapper for wolfssl C library cryptographic functionality
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

# wolfssl-wolfcrypt crate

The `wolfssl-wolfcrypt` crate is a Rust wrapper for the wolfCrypt cryptographic
algorithms portion of the wolfSSL C library.

This crate requires wolfSSL version 5.9.0 or newer.

The crate uses `no_std` so that no Rust standard library is required.
This makes it well-suited for embedded/bare-metal environments.

There is an optional `alloc` feature that enables APIs which require heap
allocation.

## Installation

The `wolfssl` C library must be installed to be used by the Rust crate.

The `wolfssl-wolfcrypt` crate can be used by including it as a dependency in
your project's `Cargo.toml` file.

For example:

```
[dependencies]
wolfssl-wolfcrypt = "2.0"
```

## API Coverage

This crate provides a wrapper API for the following wolfCrypt C library
functionality:

  * AES
    * CBC, CCM, CFB, CTR, EAX, ECB, GCM, OFB, XTS
  * BLAKE2
  * CMAC
  * ChaCha20-Poly1305
  * Curve25519
  * DH
  * ECC
  * Ed25519
  * Ed448
  * HKDF
  * HMAC
  * LMS
  * ML-DSA
  * ML-KEM
  * PBKDF2
  * PKCS #12 PBKDF
  * PRF
  * RNG
  * RSA
  * scrypt
  * SHA
    * SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384,
      SHA3-512, SHAKE128, SHAKE256
  * SRTP/SRTCP KDF
  * SSH KDF
  * TLSv1.3 HKDF

## RustCrypto Trait Support

In addition to its native API, this crate can implement the common
[RustCrypto](https://github.com/RustCrypto) traits for wolfCrypt-backed types.
Each set of trait implementations is gated behind a Cargo feature so that
projects only pull in the dependencies they need. All features are off by
default.

| Feature         | RustCrypto crate | wolfCrypt types                       |
| --------------- | ---------------- | ------------------------------------- |
| `digest`        | `digest`         | SHA (sha_digest), BLAKE2 (blake2_digest) |
| `mac`           | `digest` (mac)   | HMAC (hmac_mac), CMAC (cmac_mac), BLAKE2 (blake2_mac) |
| `signature`     | `signature`      | ECDSA (ecdsa), RSA PKCS#1 v1.5 (rsa_pkcs1v15) |
| `cipher`        | `cipher`         | AES (aes)                             |
| `aead`          | `aead`           | AES-GCM/CCM/EAX (aes), ChaCha20-Poly1305 |
| `rand_core`     | `rand_core`      | RNG (random)                          |
| `kem`           | `kem`            | ML-KEM (mlkem_kem)                    |
| `password-hash` | `password-hash`  | PBKDF2 (pbkdf2_password_hash), scrypt (scrypt_password_hash) |

The BLAKE2, CMAC, and HMAC trait modules additionally require the corresponding
algorithm support to be enabled in the wolfSSL C library.

Enable features in your `Cargo.toml`, for example:

```
[dependencies]
wolfssl-wolfcrypt = { version = "2.0", features = ["digest", "signature"] }
```

## Build Notes

### WOLFSSL_PREFIX

If the wolfSSL C library is not installed in a default location, you can
specify the installation prefix with the `WOLFSSL_PREFIX` environment variable
when building the `wolfssl-wolfcrypt` crate.

For example:

```
WOLFSSL_PREFIX=/opt/my-wolfssl-build cargo build
```

### Cross-Compiling

Ensure that the target you want to build for is installed for Rust.
For example:

```
rustup target add riscv64imac-unknown-none-elf
```

Build with the `--target` option if building manually:

```
export WOLFSSL_PREFIX=/opt/wolfssl-riscv64
cargo build --target riscv64imac-unknown-none-elf
```

To specify the linker for the target:

```
export CARGO_TARGET_RISCV64IMAC_UNKNOWN_NONE_ELF_LINKER=riscv64-elf-gcc
```